Вроде работает

backend/src/services/llm_provider.py

@@ -0,0 +1,117 @@
+# [DEF:backend.src.services.llm_provider:Module]
+# @TIER: STANDARD
+# @SEMANTICS: service, llm, provider, encryption
+# @PURPOSE: Service for managing LLM provider configurations with encrypted API keys.
+# @LAYER: Domain
+# @RELATION: DEPENDS_ON -> backend.src.core.database
+# @RELATION: DEPENDS_ON -> backend.src.models.llm
+
+from typing import List, Optional
+from sqlalchemy.orm import Session
+from ..models.llm import LLMProvider
+from ..plugins.llm_analysis.models import LLMProviderConfig, LLMProviderType
+from ..core.logger import belief_scope, logger
+from cryptography.fernet import Fernet
+import os
+
+# [DEF:EncryptionManager:Class]
+# @PURPOSE: Handles encryption and decryption of sensitive data like API keys.
+class EncryptionManager:
+    # @INVARIANT: Uses a secret key from environment or a default one (fallback only for dev).
+    def __init__(self):
+        self.key = os.getenv("ENCRYPTION_KEY", "7_u-l7-B-j9f5_V5z-5-5-5-5-5-5-5-5-5-5-5-5-5=").encode()
+        self.fernet = Fernet(self.key)
+
+    def encrypt(self, data: str) -> str:
+        return self.fernet.encrypt(data.encode()).decode()
+
+    def decrypt(self, encrypted_data: str) -> str:
+        return self.fernet.decrypt(encrypted_data.encode()).decode()
+# [/DEF:EncryptionManager:Class]
+
+# [DEF:LLMProviderService:Class]
+# @PURPOSE: Service to manage LLM provider lifecycle.
+class LLMProviderService:
+    def __init__(self, db: Session):
+        self.db = db
+        self.encryption = EncryptionManager()
+
+    # [DEF:get_all_providers:Function]
+    # @PURPOSE: Returns all configured LLM providers.
+    def get_all_providers(self) -> List[LLMProvider]:
+        with belief_scope("get_all_providers"):
+            return self.db.query(LLMProvider).all()
+    # [/DEF:get_all_providers:Function]
+
+    # [DEF:get_provider:Function]
+    # @PURPOSE: Returns a single LLM provider by ID.
+    def get_provider(self, provider_id: str) -> Optional[LLMProvider]:
+        with belief_scope("get_provider"):
+            return self.db.query(LLMProvider).filter(LLMProvider.id == provider_id).first()
+    # [/DEF:get_provider:Function]
+
+    # [DEF:create_provider:Function]
+    # @PURPOSE: Creates a new LLM provider with encrypted API key.
+    def create_provider(self, config: LLMProviderConfig) -> LLMProvider:
+        with belief_scope("create_provider"):
+            encrypted_key = self.encryption.encrypt(config.api_key)
+            db_provider = LLMProvider(
+                provider_type=config.provider_type.value,
+                name=config.name,
+                base_url=config.base_url,
+                api_key=encrypted_key,
+                default_model=config.default_model,
+                is_active=config.is_active
+            )
+            self.db.add(db_provider)
+            self.db.commit()
+            self.db.refresh(db_provider)
+            return db_provider
+    # [/DEF:create_provider:Function]
+
+    # [DEF:update_provider:Function]
+    # @PURPOSE: Updates an existing LLM provider.
+    def update_provider(self, provider_id: str, config: LLMProviderConfig) -> Optional[LLMProvider]:
+        with belief_scope("update_provider"):
+            db_provider = self.get_provider(provider_id)
+            if not db_provider:
+                return None
+            
+            db_provider.provider_type = config.provider_type.value
+            db_provider.name = config.name
+            db_provider.base_url = config.base_url
+            if config.api_key != "********":
+                db_provider.api_key = self.encryption.encrypt(config.api_key)
+            db_provider.default_model = config.default_model
+            db_provider.is_active = config.is_active
+            
+            self.db.commit()
+            self.db.refresh(db_provider)
+            return db_provider
+    # [/DEF:update_provider:Function]
+
+    # [DEF:delete_provider:Function]
+    # @PURPOSE: Deletes an LLM provider.
+    def delete_provider(self, provider_id: str) -> bool:
+        with belief_scope("delete_provider"):
+            db_provider = self.get_provider(provider_id)
+            if not db_provider:
+                return False
+            self.db.delete(db_provider)
+            self.db.commit()
+            return True
+    # [/DEF:delete_provider:Function]
+
+    # [DEF:get_decrypted_api_key:Function]
+    # @PURPOSE: Returns the decrypted API key for a provider.
+    def get_decrypted_api_key(self, provider_id: str) -> Optional[str]:
+        with belief_scope("get_decrypted_api_key"):
+            db_provider = self.get_provider(provider_id)
+            if not db_provider:
+                return None
+            return self.encryption.decrypt(db_provider.api_key)
+    # [/DEF:get_decrypted_api_key:Function]
+
+# [/DEF:LLMProviderService:Class]
+
+# [/DEF:backend.src.services.llm_provider:Module]